Healthcare Cybersecurity Weekly Briefing 6-23-2017

Health Sector Security and the “Big Squishy Middle”
Call center operations have been shut down by telephone denial of service. An entire hospital system in the UK was shut down by ransomware – a problem that is only projected to escalate. And now medical devices have been shown to have been developed with the same (lack of) care as web-connected toys. At a time when national health care is the subject of debate (a term I’m using quite loosely here) and regulations are being viewed at the federal level as something to get rid of, I think we’re setting ourselves up for quite a landmine.
https://criticalinformatics.com/health-sector-security-and-the-big-squishy-middle/

Healthcare Data Breach Costs Highest for 7th Straight Year
In the US, data breaches cost companies an average of $225 per compromised record. Furthermore, the total average organizational cost of data breach hit a new high at $7.35 million. Heavily regulated industries, including healthcare, experienced higher data breach costs. Following healthcare at $380 per capita, the industries with the highest costs were financial services ($336 per capita), services ($274), life science ($264), and industrial ($259). The mean per capita data breach costs were $225.
https://healthitsecurity.com/news/healthcare-data-breach-costs-highest-for-7th-straight-year

Cybersecurity for Healthcare a “Public Health Concern,” Task Force Says
A federal task force called healthcare cybersecurity a “public health concern” that needs “immediate and aggressive attention,” and said increased digital connectivity places a greater responsibility on healthcare organizations to secure their equipment and patient data. […] Threats to cybersecurity for healthcare facilities range from technical exploits such as ransomware to insider threats such as employee negligence. Both types of threats can potentially expose patient data and leave it susceptible to fraud and identity theft.
http://searchhealthit.techtarget.com/blog/Health-IT-Pulse/Cybersecurity-for-healthcare-a-public-health-concern-task-force-says

HHS: Microsoft Vulnerabilities Impact Healthcare Cybersecurity
HCCIC explained in its report that the vulnerabilities relate to the same type that allowed the WannaCry ransomware strain to spread. DHS specified that “Hidden Cobra” will likely target “the media, aerospace, financial, and critical infrastructure sectors in the United States and globally.” Because of that, it is possible that US healthcare and public health sector systems and devices are also targets.
https://healthitsecurity.com/news/hhs-microsoft-vulnerabilities-impact-healthcare-cybersecurity

Healthcare Cybersecurity Measures Must Evolve for Success
There are two key areas that directly apply to healthcare from the ISACA report, Clyde explained. First, the Internet of Things (IoT) overtook mobile as the industry’s primary focus. “This is right in healthcare’s wheelhouse,” he stated. “It goes without saying that healthcare with its medical devices is one of the top industries that has adopted the Internet of Things to better people’s lives. But as this report indicates, the industry is concerned.”
https://healthitsecurity.com/news/healthcare-cybersecurity-measures-must-evolve-for-success

Key Ransomware Prevention Measures in Recent Executive Order
The blog post also stressed that entities need to prepare for the worst-case scenario. There must be a plan for when disaster actually strikes, and preparation should be made in case of a long-term outage. Again noting the WannaCry attack, Weber and Kapelke said that UK hospitals “were forced to scramble when their data systems were frozen.” “Such a plan should take into account the possibility that electric grids, security systems, and anything else that depends on computing power and the internet may be shut down at least temporarily,” the duo advised.
https://healthitsecurity.com/news/key-ransomware-prevention-measures-in-recent-executive-order

About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.